Search

Subscribe

Making Handcuff Keys with 3D Printers

Handcuffs pose a particular key management problem. Officers need to be able to unlock handcuffs locked by another officer, so they're all designed to be opened by a standard set of keys. This system only works if the bad guys can't get a copy of the key, and modern handcuff manufacturers go out of their way to make it hard for regular people to get copies of the key.

At the recent HOPE conference, someone made copies of these keys using a 3D printer:

In a workshop Friday at the Hackers On Planet Earth conference in New York, a German hacker and security consultant who goes by the name "Ray" demonstrated a looming problem for handcuff makers hoping to restrict the distribution of the keys that open their cuffs: With plastic copies he cheaply produced with a laser-cutter and a 3D printer, he was able to open handcuffs built by the German firm Bonowi and the English manufacturer Chubb, both of which attempt to control the distribution of their keys to keep them exclusively in the hands of authorized buyers such as law enforcement.

[...]

Unlike keys for more common handcuffs, which can be purchased (even in forms specifically designed to be concealable) from practically any survivalist or police surplus store, Bonowi's and Chubb's keys can't be acquired from commercial vendors. Ray says he bought a Chubb key from eBay, where he says they intermittently appear, and obtained the rarer Bonowi key through a source he declined to name. Then he precisely measured them with calipers and created CAD models, which he used to reproduce the keys en masse, both in plexiglass with a friend's standard laser cutter and in ABS plastic with a Repman 3D printer. Both types of tools can be found in hacker spaces around the U.S. and, in the case of 3D printers, thousands of consumers' homes.

When I read the headline, I imagined a system whereby handcuffs would have an encrypted coding on them, and a police officer could type that code into a machine and the Kerry would be printed. Obvious impracticalities to that idea, but a great way to reverse the technology.

When I read the headline, I imagined a system whereby handcuffs would have an encrypted coding on them, and a police officer could type that code into a machine and the key would be printed. Obvious impracticalities to that idea, but a great way to reverse the technology.

@Victor : But then only the original key can open the handcuffs. Several secure lock system work with sets where each standard key can open only one lock, but the master one can open every lock in the set.

This reminds me of the old keyboxes my grandma, who was a real-estate agent, used for her work. Generally to sell a house you need to let other real estate agents show it, including ones from other firms. The solution that was popular when she was working was to have lockboxes that contained the housekey, and required a really weird-looking (and presumably hard-to-duplicate) type of key to open. Key control must have been a challenge, since every realtor in the country had one. I assume they had to change all the lockboxes several times, since she had several different key types that she didn't even use any more and gave to us to play with.

Nowadays it's been replaced by an electronic system with smart cards and PINs or something along those lines. It has a few nice benefits including key revocation, better audit capabilities (since each box records who opened it and when) and convenience. I have a feeling that handcuffs will have to go in that direction too.

Why not use combination locks on the cuffs instead of lock and key model? The cuffs could lock the moment they are interlocked and open by combination of numbers. For greater complexity use 5 or more digit combination. This way each precinct can have a preshared key common for all the units stationed. The down side would be in case a mole reveals it to outer world, all the handcuffs need to be set to another set of combination.

It would seem one solution to this would be to ensure handcuffs were produced in smallish batches of (for example) 100 or 500 so that if a class break occurred it would only impact on a small % of users. So you buy a key on ebay and unless you know the provenance of the key it's probably not going to work on some random pair of cuffs.

It would also be interesting if someone were to produce a key which was designed to be hard to replicate with 3D printer. Either the shape is so precise that the printer could not make it, or the shape puts the stresses on the key which would cause a plastic copy to snap.

Further off I wonder if it's possible to contemplate digital locks. The key acts much like a conventional key, requiring insertion into the lock during which some form of unique challenge / response authorizes the lock to open. If a class break happens, the cuffs and keys can be reprogrammed. Cuffs could also do neat things like detect if they're being worn by someone, sound an alarm if a person is attempting to struggle out of them, or if leave a holding area etc.

"I guess it's also possible to print keys for those TSA compliant locks..."

Why would anyone waste their time with the locks? Just take a ballpoint pen and shove it through the zipper and it opens right up. Drag the "locked" zipper tabs around to re-zip the bag. This is apparently what the TSA does to get into bags which have non-"TSA approved" locks.

As someone who works in US Law Enforcement I thought I'd comment on this. The idea that handcuff keys are readily available to all is widely known and has been for a long time. Nobody in LE thinks that the key they have is the last line in handcuff security. The complex, expensive and proprietary keys such as those in the story are generally considered a joke due to the need for officers to be able to unlock each other's handcuffs and the associated cost.

The real method for keeping the handcuffee in cuffs is proper handcuffing technique. The hands are cuffed behind the back, which takes them out of the cuffee's field of view. This makes it more difficult to manipulate the cuff, but clearly not impossible. Next is to have the key hole on the cuffs facing away from the hands. When properly done, this makes it impossible for most people to even put a key in the keyhole if they had one. The most important step is to keep the cuffee under observation the whole time. Handcuffs do not mean that a person can just be left alone, especially out in the field.

At police stations, many slow nights are spent trying to get out of handcuffs and watching videos online about getting out of them. Most officers have a very good idea of just how secure handcuffs are and treat them accordingly.

Yea, you can buy handcuff keys pretty much anywhere, no questions asked. Galls sells them online and there's no restriction on sales.

3D printing of a handcuff key is a novelty, sure, but it'd probably be far cheaper to just buy them. Galls has the basic keys for $16.99 for 10 pack.

I was actually coming here to say that and exactly what Seamus already said above. I don't know about anywhere else, but here everyone carries standard cuffs, but Prisoner Transport (where they're often out of direct supervision in the back of the wagon) uses a different key from the standard.

The best solution would be to use an electronic dongal in the key. If the correct code is not programmed into the key the lock won't open. That way the authorities can still have a common key, which would be impossible to replicate without the proper electronics and codes.

Is this perhaps just a lot of hyped publicity for someone who has "discovered" something that is already known and has already been done in regards to other high-security locks?

As "Seamus" ponts out, this may be a lot of noise about something that already exists and is easily addressed by proper procedures. And hacks for high security keys (such as Medeco, etc.) using plastic keys those keys was demonstrrated back in 2008 / 2009.

Like Seamus said: everyone has a handcuff key. Which, by the way, is not at all like a Yale key--it's just a shank with a bump, like the key to your sister's diary. The handcuff is extremely easy to pick with, say, a paperclip. And the cuff is also extremely easy to open without picking the lock at all, by attacking the ratchet mechanism.

Everyone in law enforcement knows that a handcuff is nothing but a temporary restraint, and treats them accordingly. Which, as Seamus said, includes cuffing the hands behind the back, positioned back-to-back, and searching the arrestee carefully.

Electronic models probably wouldn't be feasible until the cost was extremely close to what regular cuffs cost. Handcuffs are abused and broken regularly. Also many departments issue one or two sets and the officer is responsible for buying any more. Most cops I know carry 4 sets. Another issue would be that any electronic set would need to have a physical release mechanism for backup, which would in all likelihood mean it would need a key.

Do any of the vendors sell a pair of handcuffs that are secured with a padlock? This would be the easiest way to solve this problem, for transport situations/etc that require non-standard keys. Just buy a set of locks with a standard key for your department/county/jail system and be done with it. Need to change them? Re-key the padlocks. Simple.

Plastic disposable zip ties have become almost standard at this point for many departments, all that's required are scissors. A small key is easy to conceal for a criminal, scissors or a strong knife, less so.

Holy moly...
What seems to be a common misunderstanding here is that handcuffs are supposed to be impossible to break out of. That's just not true.

1) You can get out of most hand restrainst by dislocating your thumb. Hard to do, and painful, but most definitely possible, and it gets easier every time. ;)

2) Handcuff keys follow a standard because the cuffs are meant to be taken off as quickly as possible, while securing the subject during transport to, or while waiting for transport to a place where the handcuffs are to be removed. Keeping a person in handcuffs is never a good thing (despite what some police officers in the US seem to think).

3) The ability for police/security/detention officers to remove handcuffs can't be hindered - lives may (and often have) depend on that. Therefore, code systems or special keys that may not be distributed to all departments, across departments or even to all members of a department can cost lives. Literally.

Bonowi and Chubbs are extremely dangerous for just those reasons, and everyone should stay the fkuc away from them, let alone put someone in those kind of restraints, simply because those things will be impossible to get off if the key is lost or damaged, and there's no replacement immediately available.

An unbreakable/unpickable set of handcuffs would be a huge problem, because keys would be lost. You'd have to uncuff people with a hacksaw. Then the same thinking that doesn't understand the problem would get people to produce hacksaw-resistant handcuffs, and you'd wind up producing cuffs so hard to remove the people wind up losing their hands.

The cops on this thread have already pointed out why it's not really a problem for handcuff keys to be widely available; you just have to make sure that the cuffee can't escape even if he/she has a key.

Is that a real security vulerability? I mean, the subject locked in handcuffs can't put his hands in a 3D printer (quite literally), so there is no way to him get the keys unless he's helped by someone else -- but that is a non-issue since this second person may bring some lockpicking/chain cutting tool anyway.

It's not technically security through obscurity (or the lack thereof). It's a confidentiality problem - the keys are trusted, and only known/available to a small set of trusted people - when the trust is breached, or the controls around how the keys are controlled are bypassed, then the system is vulnerable. Just like RSA, and how the secret recipe of how the entropy in their tokens was obtained, leading to compromises of Lockheed. Remember one rule, never rely on a security system which requires one party (or a small select few) to keep something secret. It will inevitably fail. Which is why PKI systems will inevitably win.

@Matt (and @S):
Keys for handcuffs were never meant to be trusted, or secret in any way, for the reasons I listed above.
That's also why the less readily available Chubbs and Bonowi systems are so insane.

'''Why would anyone waste their time with the locks? Just take a ballpoint pen and shove it through the zipper and it opens right up. Drag the "locked" zipper tabs around to re-zip the bag. This is apparently what the TSA does to get into bags which have non-"TSA approved" locks. '''

Yes, that would PROBABLY explain why my luggage zippers tend to fail after a short time, with "indent" or rips in the zipper. OOPS :)

I think I'm going to go with properly hinged non-zipper luggage - perhaps a Pelican case. $100-250 is too much for "failures"...

Just adding a bit to Seamus insightful comments- Handcuffs are used to prevent people from getting hurt while supervised, detainees should never be left alone while handcuffed. The security level of a the key is appropriate, but it is interesting that 3d printing works for this application. The spring on most handcuffs is pretty heavy and I would not have guessed plastic would be successful. If it works on handcuffs, it probably works in other applications too. What kind of design software do you need to create 3d printing files?

As has been noted by some above hand cuffs are not designed to be fool proof etc.

The earliest "turnbucle" devices did not even have a lock, but were slow to put on a strugling person, which is why some people still prefered a piece of rope with the simple "handcuff knot" (make a small loop, and then put a loop through from both free ends to make what looks like a bow). It was fast to put on and could be secured with as little as a half hitch.

The one aspect of handcuffs not mentioned here so far is "what hapens when a prisoner has got the cuffs off". Well in a lot of cases you have given them a realy nice little weapon to flail you with and then lock you up with much to your embarrassment (and this does happen from timee to time). I've seen a demonstration of somebody "sliping the cuffs" in just a few seconds.

In many places the "police procedure" was "two officers for attending a prisoner" where one would be close in and the second there incase the prisoner got free and started to fight etc.

But with manpower getting expensive this is changing and this has implications...

For instance searching a prisoner properly is a fairly complex and slow process and I've rarely seen it done properly (one reason is common decency another danger/health risks) For instance searching the mouth or between the leg and the scrotum etc.

The soloution to the problems of speed and decency has often been one based on false assumptions one of which is prohibited objects are "metal or large" so the solution is "a wand and pat down". Oh and another dangerous assumption that gets people into trouble is "the guy before has done his job properly"...

Thus a plastic key is small not metal and easily hidden away with little or no problem.

One hiding place of old is the "false heal" and it's got a lot worse in recent years due to changes in the manufacture of "low cost clothing". If you look at the low budget end of footware you will find "man made soles" that are usually welded or heat glued to the uppers, these one piece soles are usually made in an "injection mold" and this puts not just cost but mechanical constraints on the design so quite often the sole is a "honeycomb" design that is if you look at one they are effectivly lots of square or round holes / tunnels sharing walls. The tunnels are closed at the bottom but left open at the top, and these get covered up with the inner soles that often are easily removable.

So all a person who thinks they are in danger of being handcuffed has to do is wear cheap shoes with a plastic key hidden there, when sitting or kneeling slip the shoe partly off and pull the key out (all of which can be easily assisted by a small loop of ribbon similar to what you often see in battery compartments to help get the batteries out). Then just slip the shoe back on and wait for an appropriate time to use the key and run off etc.

All of which is a bit elaborate in some respects, as has been noted by others above the weak point of hand cuffs is the quick close ratchet. In many designs the "pawl" cann't be "locked" so simply shoving an appropriatly shaped shim down there will lift the pawl and allow the ratchet to slide back thus "springing the lock". The shim can be as simple as the top to a common brand of ball point pen or the pen insert, a "zip tie" or even parts of a belt buckle, shoe lace tip, shirt collar stifener etc etc, the list is almost endless.

Even with cuffs where the pawl can be locked it is often either to much effort to do so or innefective for various reasons. One reason is the old escapologists trick of "tensioning" or "bracing" where by holding their body parts in certain positions and tensing up the muscles they can make the diameter of their wrists etc larger than they are in the relaxed state thereby gaining themselves "wriggle room" to slip the cuff off of the hand. To see how little wriggle room you need hold your hand out flat, then keeping the thumb stiff bring it across so the tip touches the gap between your middle and ring finger then whilst keeping the thumb and fingers stiff try to trace around the ring finger and little finger. You will with even a little practice find a possition where you can slip a tight bracelet over the thumb joint. If in doubt ask a bracelet wearing young lady to show you ;-)

Unless you are a "customs officer" or very well trained security officer you would probably be surprised at just how many places there are to hide small but valuable items in/on a person and their clothing.

But getting back to the keys and the demo, I'm a little surprised by,

Then he precisely measured them with calipers...

This realy is not necessary I used to "cut keys by sight" and you can do it from a photograph provided you have a point of refrence for scaling.

The reasons for this are "standard parts" and "bind".

A lock manufacture wants to minimise component inventory thus if you have a five leaver lock it's an almost certain bet the width of the leavers are all going to be the same. Likewise the "cut depth" is going to be in standard units of measure and this can often be seen just by looking at the hight/depth of cut on the key.

Because a lock has to be used in many environments and tempratures and sometimes where the temprature changes fairly rapidly by over 50 degrees C (think outside winter to feverish body heat gives -40 to just under +40 C in a few seconds) "mechanical bind" is a serious issue. Thus the "bi-metalic" effects need to be given either serious consideration or mitigation. Generaly the route chosen by the manufacturers is mitigation by "clearence allowance" or what is in effect "slop" and it's this that gives the "wriggle room" for lockpicking and all other illicit working of the mechanisms in a pair of handcuffs. In some cases and dimensions the slop can be well over 1mm.

So you might not even have to buy a key just see a photo of it in a manufactures catalog or on an online sale or other site.

But prisoners have "time on their hands" which is why Prison Warders have to be vigilant to keep keys out of sight from prisoners. Because with just one good look for a second may be enough for quite a few prisoners to cut a key a few hours later in their cell etc. And yes this has been done by prisoners many many times over the years.

Some people may remember that Bruce had a page where a Prison put in "electronic locks" that had "bio-metrics" and within days prisonerss were getting through the doors into places they shouldn't be in using very simple techniques.

There is an important security lesson there and even a life moral,

High Tech usually failes to Low Tech attacks, So High Tech Solutions are often more vulnerable over all.

Which is a fancy way of stating the "KISS principle" that "real world engineers" know oh so well and have the battle scars and war stories to prove it.

For transport of prisoners (especially high security prisoners) one would assume they would use something like this:http://www.flickr.com/photos/londoncuff/4971019065/
that is then secured with a proper padlock. In that situation I doubt the prisoner could escape even if they had all the keys.

The Black Hat time of the year never fails to produce unwelcome surprises for more than one security technologies vendor. I actually wonder if and to which extent companies like Chubb and Bonowi figure in cost and mitigation of breached/broken products into their product life cycle management. From a risk management perspective, surely they must have looked into the possibility of keys getting out in the wild through theft or LEO's in need of some extra income. As well as the copying thereof by 3D printing. If people can use it to create working AR-15 lower receivers and other weapons parts, than how difficult can it be to do a key ?

The same question for shady companies like Gamma Technologies who saw their elusive FinFisher/FinSpy government spy kit dissected in public yesterday and may wish to have contingency plans in place for, among other things, their C&C server(s) getting sinkholed. But, as already pointed out by @Northern Realist, the grand prize for pwnage in this category this week goes to Onity who had their key card locks broken by a young security researcher using nothing more than 50$ of off-the-shelf hardware and a little bit of programming. Gives access to an estimated 4 million of hotel rooms and apparently with no simple upgrade mechanism in place. I presume commercial versions will be available soon from the usual resources, if not already from your local NSA outlet.

This discussion pretty perfectly illustrates the tradeoffs between false positives and false negatives. It's not just keeping people in handcuffs effectively, it's getting them back out when you want/need to.

And the zip ties may be effective under some circumstances, but they're also a serious liability issue if not properly applied and timely removed.

"The Black Hat time of the year never fails to produce unwelcome surprises for more than one security technologies vendor."

Actually I think that this thread shows what I've long suspected about the Black Hat announcements; that is that these 'vulnerabilities' are superficially showy and seem to the uninitiated to be a serious threat but to those who understand the operating environment are actually are nothing of the sort. Very much like the ePassport 'hack' a couple of years back, they gained a lot of press for something that wasn't really a vulnerability at all.

The unwelcome surprise is that some security vendors have to waste a couple of weeks trying to explain in words of two syllables or fewer to a technology illiterate and skeptical press why a non-issue really is a non-issue.

I used to work for a police department (as a support tech), and I now work for a company that makes handcuffs.

Several police commenters above, and also SnallaBolget, have pretty much hit the nail on the head on how this “attack” completely misunderstands how handcuffs are used and what properties matter. There are a couple of additional points they missed, though.

My first main point: the number one design criterion for handcuffs is extremely robust reliability; number two is simplicity of operation. These things are exposed to dirt, sweat, chemicals and impact damage for years on end, and receive very little maintenance. Yet when required, they must go on (and come off) instantly, one hundred percent of the time, with a single smooth, one-handed movement executed potentially in darkness under conditions of physical stress.

This is why the keys are so crude. Whether they are easy to pick is of minor importance; what matters is “does the lock operate smoothly and reliably when it is packed full of mud?” In fact they are not even technically conisdered locks, and the employees who make and maintain them are fitters, not locksmiths.

As such, I seriously doubt that these “fancy key” handcuffs are even intended for general police issue. If they are, then it is a poor design. I speculate that handcuffs like this might be meant for something like scheduled transport of a high security prisoner. If that is the case then the attack is of slightly more concern, but it is still a long way short of a “system break”, and countermeasures are simple and obvious. The more serious concern in this case has already been exposed: someone is leaking the special keys. Useful to have that confirmed.

My second main point: handcuffs are a very minor business line. Handcuffs are well under 1% of our business and not very profitable. I assume we make them largely as a courtesy for our police customers. Even so it is only practicable because the tooling is largely reused from other products that are much more important to us, but not in constant production.

Our design is pretty old, but very, very reliable. Occasionally the customer sees some fancy new design and asks if we can make it. We look at licensing and re-tooling costs, plus how many articles will need to be destroyed for reliability testing, and give them a quote; they go off and think about it and invariably come back with “not worth it, the existing ones are doing fine.”

OK, some secondary remarks.
@Clive: the policy regarding number of officers to fit restraints to a prisoner is part of a prisoner transfer procedure, not normal arrest procedure. The latter is much more flexible because circumstances are too unpredictable. In this jurisidiction, the policy is two officers for a non-violent offender, and five (four working, one supervising/backup) for a violent offender. This policy is immune to budget cuts for two reasons: it is an OH&S policy, and those are off-limits; also, it is easy to see that cutting numbers is a false economy. The restraint fitting procedure takes less than two minutes, so even with ten officers the cost is negligible. But if struggling with an offender causes so much as sprained back to either party, then watch your budget blow out!

Finally, regarding “plasticuffs”. Yes, it is possible for a strong man to simply tear them off. However if your wrists aren't bleeding at the end of the process, or if you can tear them off without being very strong, then: you are kidding yourself. The cable ties you are using are a much lighter grade than the ones used for prisoner restraints. Prisoner restraint ones have a breaking strain of over 400 pounds. And if the prisoner does look especially burly: just use two.

You're all trying to find a solution to a problem that does not exist... This article is attempting to "shed light" on a non-issue.
Handcuffs are almost all keyed alike because of necessity. It's a far greater concern that someone would not be able to take a pair of cuffs off a person than the possibility that the person has their own key and will get out of them.
You don't need a $4000 3D printer to make a key. The keys are available on Amazon for about $7. I remember that when I was a kid (before the internet) you could buy them just about anywhere as well. Despite that fact, there's no rash of prisoners escaping because of handcuff keys. Handcuffs are for temporary custody of a prisoner/suspect/etc. They are not for long term, unsupervised use. Anyone put in handcuffs are searched. If that person escapes by using a hidden key then the search quality is questioned, not the choice of handcuffs. That's not an oversight, it's common sense.
I realize this article is about a brand of cuffs that has a different key from all the rest but, every one they sell has the same key for that brand. If anyone is using those cuffs you will find they are using them across an entire department.
If anything, this is more of a copyright issue than a security issue.

> If anything, this is more of a copyright issue than a security issue.

Oy, no. Somehow, while reading the combined 17 volumes of Nimmer on Copyright and Patry on Copyright, you missed the part where only certain specific kinds of creative works are covered (and utilitarian elements aren't). Here's a hint: everything about the original keys which enables them to open the cuffs, isn't covered by copyright; everything else --- might or might not be.

Ray here, the guy who presented this at HOPE. Thanks to Mr. Schneier for blogging it, it's nice to see this discussed in such a security-educated audience.

Reading through the various comments I'd like to point out a few things...

First: my presentation at HOPE was not mainly about these keys. It was a 55 minute talk about concealable keys, improvised handcuff picking tools, new handcuffs, mechanisms, design failures - and the mentioned computer generated keys. The most interesting discovery there in my opinion was that both technologies produced strong enough keys to reliably overcome the springs in 2 of the 3 models - not that it was possibly to copy the shape at all. Everybody can copy such a simple shape using basic tools by hand. But the 3D-Printer/Lasercut approach possibly raises the awareness that this is not just a theoretical attack.

And yes: most handcuffs use a standard key and there are reasons for that - and those keys can easily be bought in metal and plastic. I was attacking the more special cuffs mainly because the manufacturers try to limit their availability to law enforcement - which in my opinion creates wrong expectations on the LE side.

It is OK to use identically keyed cuffs as long as each officer is aware that this is a security risk - and acts accordingly. But if it somehow is implied the cuffs use a secret key that might not always be the case. We all know that security by obscurity doesn't work, I just tried to get the word out to handcuff manufacturers marketing departments as well as their buyers. I presented the first 3D printed handcuff key at HAR 2009 - opening the dutch handcuffs which also were used by the on site police. And talking to them clearly showed that they had the impression their key is something special and secret, obviously because they were told so in their training - even though it is even wider available than the ones I had at HOPE.

The mentioned cuffs are by the way by no means bad designed. The Chubb has a quite advanced (for handcuffs) locking mechanism and the Bonowi some quite clever features - both can be picked, but both are much harder to pick than standard and some other high security cuffs. But nobody should rely on the key being secret - independent from my presentation at HOPE, especially as I did not need any special skills to get the originals. And yes - it for sure would also have been possible from pictures, which are even on some official sites... I just didn't do it because I didn't have to.